
Javascript is everywhere

DSHIELD has published a writeup, called Javascript hiding everywhere, about some of the places where JavaScript can exist. Some of those places include:

- Quicktime
- Flash
- PDF Files
- MP3s

"Frequent readers will know that we often recommend to ease up on allowing scripting as it's used by the bad guys. XSS bugs are basically so bad, not for the example <sc ript>alert()'XSS'*</sc ript> (spaces added for the overly paranoid web content filters) you might see, but for much nastier things starting with capturing your cookies (read credentials, session keys etc.). Keyloggers aren't impossible either and making you unknowingly upload files from your hard disk to malicious websites etc. is all quite possible in javascript.

And if you supposed it stops in your browser seeing javascript in HTML pages themselves, think again:"

Article Link: http://jeremiahgrossman.blogspot.com/2007/03/big-trouble-if-pci-dss-requires-csrf.html

